Unrated severityNVD Advisory· Published Feb 7, 2020· Updated Aug 4, 2024

CVE-2020-1700

Description

A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of service condition by pile up of CLOSE_WAIT sockets, eventually leading to the exhaustion of available resources, preventing legitimate users from connecting to the system.

Affected products

Ceph/Ceph RGW Beastdescription
osv-coords19 versions
pkg:apk/chainguard/ceph-18 pkg:apk/chainguard/ceph-19 pkg:apk/chainguard/ceph-20 pkg:apk/chainguard/ceph-20.2 pkg:apk/chainguard/ceph-20-dev pkg:apk/chainguard/ceph-20-doc pkg:apk/chainguard/ceph-20-libs pkg:apk/chainguard/ceph-dev pkg:apk/wolfi/ceph-19 pkg:apk/wolfi/ceph-20 pkg:apk/wolfi/ceph-20.2 pkg:apk/wolfi/ceph-20-dev pkg:apk/wolfi/ceph-20-doc pkg:apk/wolfi/ceph-20-libs pkg:apk/wolfi/ceph-dev pkg:rpm/opensuse/ceph&distro=openSUSE%20Leap%2015.1 pkg:rpm/opensuse/ceph-test&distro=openSUSE%20Leap%2015.1 pkg:rpm/suse/ceph&distro=SUSE%20Enterprise%20Storage%206 pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1
< 0+ 18 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 14.2.5.382+g8881d33957-lp151.2.10.1
- (no CPE)range: < 14.2.5.382+g8881d33957-lp151.2.10.1
- (no CPE)range: < 14.2.5.382+g8881d33957-3.30.1
- (no CPE)range: < 14.2.5.382+g8881d33957-3.30.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.opensuse.org/opensuse-security-announce/2020-02/msg00009.htmlmitrevendor-advisory
usn.ubuntu.com/4304-1/mitrevendor-advisory
lists.debian.org/debian-lts-announce/2023/10/msg00034.htmlmitremailing-list
bugzilla.redhat.com/show_bug.cgimitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000